The question of on-line identity has been an active area of research for a number of years. The question of whether a person or organization is who they claim to be has produced a number of web-based innovations. Often associated with on-line retailers, a web site may include a link to another site that purports to “verify” the authenticity of the on-line retailer. By clicking on the link, a user (such as a potential customer) is re-directed to another web page displaying the “certificate” of the on-line retailer. In general, these systems are referred to as “second site authentication” and have (unfortunately) been found to be relatively easy to forge. Domain names that are relatively similar to reputable “verification services” may be purchased by unscrupulous individuals who may then create ‘fake’ certificates and present them to unwary third parties looking for verification of a certain product or service. Simply put, good sites send you to other good sites for authentication, bad sites send you to other bad sites. Moreover, the proliferation of bad sites in the marketplace of second site authentication services remains problematic. While some browser add-ons may alert the user to “bad sites”, this solution results in a race between the bad guys who create new bad sites, and the people who administer the add-ons and have the task of continually updating the identification of bad sites. Indeed, this approach is the same as the one used by parental control tools to warn of internet-based sexual material. Experience has thus shown that the race is never over, and there will always be ways to access untoward information.
One prior art attempt to address some of these problems is disclosed in US Patent Application Publication 2009/0177694, issued on Jul. 9, 2009 to Paul L. Olson. In this disclosure, a central repository is created for storing all authenticated credentials, where each credential is formed to include a checksum. An individual interested in reviewing a particular credential then accesses the repository, retrieves the desired credential and the checksum is calculated and presented for verification. The existence of a match is thus considered to authenticate the credential to the individual.
While an advance over the more general second site authentication processes, it is still possible for someone to implement the system of Olson so as to set up and maintain a “faux site” for holding fake credentials in a similar manner. One reason this is possible is that the originating organizations (e.g., professional associations, colleges, licensing organizations and the like) do not retain control of the certificates, but pass them off to the repository. Further, there is no indication that any kind of expiration of a credential is included with the data stored in the repository.
Previous work by the inventor, embodied in U.S. patent application Ser. No. 12/829,550 filed Jul. 2, 2010 and herein incorporated by reference, addresses many of the drawbacks of the prior art. However, as will be discussed in detail below, the prior system did not limit the “type” of information that could conceivably be included in a certification, which could allow misrepresentations to occur.
For example, if the credentialing organization is Yale University, it is fine for Yale to certify the degree(s) it granted to an individual. However, Yale is not considered to be a preferred source of information for job history, military service or citizenship. Thus, a need remains for an arrangement that also controls the type of information that is verified by the certifying organization.